Our sister site, AccountingWEB.co.uk reports that MySpace and Facebook users are being targeted with variants of a new worm that is being propagated via bogus comments that direct them to infected websites, according to security specialist Kapersky Lab.
Unsuspecting networkers who follow the links could end up downloading the Koobface worm which can co-opt their computers into an e-mail zombie botnet.
Net-Worm.Win32.Koobface.a is spread via MySpace while Win32.Koobface.b targets Facebook users. Both viruses create spam messages and send them to an infected user's friends with comments such as:
- Paris Hilton Tosses Dwarf On The Street
- Examiners Caught Downloading Grades From The Internet
- Hello; You must see it!!! LOL. My friend catched you on hidden cam
The messages and comments include links to a fake YouTube-like site, where the user is asked if he or she wants to download the latest version of Adobe's Flash Player. Instead, the download installs a file called codesetup.exe to the victim machine to propagate the worm.
The Koobface worm confirms warnings from earlier in the year that online networking sites such as Facebook and MySpace would be targeted by hackers.
"Unfortunately users are very trusting of messages left by 'friends' on social networking sites. So the likelihood of a user clicking on a link like this is very high," said Alexander Gostev, senior virus analyst at Kaspersky Lab.
"At the beginning of 2008 we predicted that we'd see an increase in cybercriminals exploiting MySpace, Facebook and similar sites, and we're now seeing evidence of this. I'm sure that this is simply the first step, and that virus writers will continue to target these resources with increased intensity."